<%@ page language="java" contentType="text/html; charset=GBK"
    pageEncoding="GBK"%>
<jsp:directive.page import="db.DBHander"/>  
<%
	
	String userName = "";
	String role ="";
	if(session.getAttribute("userName")!=null &&session.getAttribute("role")!=null) {
		userName =(String) session.getAttribute("userName");
		role=  (String)session.getAttribute("role");
		
	}else{
		response.sendRedirect("login.jsp");
	}
	
%> 

<%







	String code = request.getParameter("code");
	String id = request.getParameter("id");
	String pkg = request.getParameter("pkg");
	
	//System.out.println("code="+code);
	System.out.println("id="+id);
	//System.out.println("pkg="+pkg);
	//System.out.println("-------------------");
	String name = "null";
	String retail_box = "null";
	String retail_big_box ="null";
	String retail = "null";
	
	DBHander db1 = new DBHander();
	String sql1 = "SELECT * FROM products where product_code='"+code+"'";
	db1.rs =db1.stmt.executeQuery(sql1);
	if(db1.rs.next()){
		name  =db1.rs.getString(3)+"/"+	db1.rs.getString(4);
		retail_box = db1.rs.getString(7);
		retail_big_box =db1.rs.getString(8);
	}	
	db1.releaseAll();	
	
	

	

%>
<%
	//--------------get lock-------------
 DBHander db30 = new DBHander();
 db30.rs = db30.stmt.executeQuery("select lock1 from order_items where user_id='"+ userName+"' and id="+id);
 boolean isLock = false;
 if(db30.rs.next()){
 	String ttmp = db30.rs.getString(1);
 	if(ttmp!=null && ttmp.compareTo("on")==0){
 		isLock = true;
 	}
 }
 
 db30.releaseAll();

 %>
 <%
 
 if(pkg!=null && pkg.compareTo("box")==0){
		retail = retail_box;
	}
	
	if(pkg!=null && pkg.compareTo("big_box")==0){
		retail = retail_big_box;
	}
	
	
 		if(!isLock && id!=null){
		DBHander db11 = new DBHander();
		String sql11 = "update  order_items "
		+ "set product_retail='"+retail+"', "	
		+ " product_code='"+code+"', "
		+ " product_package='"+pkg+"', "
		+ " product_name='"+name+"'"	
		+ " where id="+id;	
		out.println("<br>"+ sql11);
		db11.stmt.executeUpdate(sql11)	;	
		db11.releaseAll();
		//id1 = id;
	}
		//System.out.println("code="+code);
	//System.out.println("id="+id);
	//System.out.println("pkg="+pkg);
	//System.out.println("--------2-----------");

 %>
<%
	response.sendRedirect("order.jsp?id="+id);
%>